<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="css.css">
<TITLE>Sanewall, Tools to audit your security and test your firewall.</TITLE>
<meta name="author" content="Costa Tsaousis">
<meta name="robots" content="noindex">
<meta name="description" content="

Home for sanewall, an iptables stateful packet filtering firewall builder for Linux (kernel 2.4),
supporting NAT, SNAT, DNAT, REDIRECT, MASQUERADE, DMZ, dual-homed, multi-homed and router setups,
protecting and securing hosts and LANs in all kinds of topologies. Configuration is done using
simple client and server statements while it can detect (and produce) its configuration
automatically. Sanewall is extremely easy to understand, configure and audit.

">

<meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
<meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
</HEAD>

<BODY bgcolor="#FFFFFF">

<p>

To test your firewall there are a few software tools and a few online services to help you.
<p>
I suggest the following tools (of course you need two computers to run the test):
<ul>
	<li><a href="http://www.nessus.org">Nessus</a> is probably the best open source security scanner available.
	<br><a href="http://www.nessus.org">Nessus</a> not only checks the firewall of a host, but also scans for known application vulnerabilities.
	<br>I highly recommend <a href="http://www.nessus.org">Nessus</a> for periodic (weekly, monthly, etc) scans.
	<br>For <a href="http://www.redhat.com">RedHat</a> systems you can find pre-build RPMs at <a href="http://freshrpms.net">FreshRPMs</a>.
	<br>&nbsp;
	</li>

	<li><a href="http://www.insecure.org/nmap/">Nmap</a> ("Network Mapper") is an open source utility for network exploration or security auditing.
	<br><a href="http://www.redhat.com">RedHat</a> (and possibly other) systems have <a href="http://www.insecure.org/nmap/">Nmap</a> pre-installed.
	<br>&nbsp;
	</li>
</ul>

<p>
There are a number of sites that offer firewall testing services to everyone:
<ul>
	<li><a href="http://www.auditmypc.com/">AuditMyPC</a>
	<br>&nbsp;
	</li>
	<li><a href="http://www.dslreports.com/scan">BroadBand Reports</a> port scanner.
	<br>&nbsp;
	</li>
	<li><a href="http://www.securityspace.com/sspace/index.html" target="securityspace">Security Space</a>, a commercial service with a free scan.
	<br>These people are using something like <a href="http://www.nessus.org">Nessus</a> (if not <a href="http://www.nessus.org">Nessus</a> itself).
	<br>&nbsp;
	</li>
	<li><a href="https://grc.com/x/ne.dll?bh0bkyd2">Shields UP!!</a> NanoProbe Technology Internet Security Testing for... Windows Users.
	(note: well, it says for Windows, but it is a port scanner with a limited range of ports to be scanned...)
	<br>&nbsp;
	</li>
	<li><a href="http://scan.sygate.com">SyGate Online Services (S.O.S.)</a> Very nice site to quickly check the security
	of your system. They have a <b>stealth</b> scanner that tries to break the firewall with a few nice ways (this can show
	you the difference between sanewall and a hand made stateless firewall).
	<br>&nbsp;
	</li>
</ul>

<p>
Other testers on the net:
<ul>
	<li><a href="http://www.powertech.no/smurf/">Smurf Amplifier Registry (SAR)</a> The SAR is a tool for Internet administrators being attacked by or implicated in smurf attacks, or those who wish to take precautions.
	<br>&nbsp;
	</li>
</ul>

<p>
Other useful links:
<ul>
	<li><a href="http://www.insecure.org/tools.html">Top 50 Security Tools</a> for UNIX</li>
</ul>


<p>
<hr noshade size=1>
<table border=0 width="100%">
<tr><td align=center valign=middle>
	<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&amp;type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
</td><td align=center valign=middle>
	<b>Sanewall</b>, a firewall for humans...<br>
	&copy; Copyright 2004
	Costa Tsaousis <a href="mailto: costa@tsaousis.gr">&lt;costa@tsaousis.gr&gt</a>
</body>
</html>
